Use this guide if you want to restrict access to individual WordPress posts and pages and make them available only to users who are signed in to WordPress and belong to specific Azure AD groups. To do so, WPO365 introduces Audiences.
Each Audience is a group of users that is dynamically populated with members of one or more Azure AD groups. When you create or edit Audiences you give them a name, e.g. "All internal Employees", and you enter one or more Azure AD group IDs. Audiences is a feature that must be enabled before Audiences can be created, edited and deleted and before they become effective.
Please note: The Audiences feature can also be used to mark a page as private. If a post or page is marked as private, a user must be logged in before he / she is able to read the content. This option is only available when you have selected the Internet or Internet (auth. only) authentication mode on the plugin's Single Sign-on configuration page.
Once Audiences are enabled and some Audiences are defined in your website's administration, content authors can simply add an easy-to-use Gutenberg block to the post or page and either check the option to make the post or page private or add Audiences from the list by entering (a part of) their name e.g. All employees or Partners.
If your theme does not support Gutenberg blocks, however, you can choose to use a custom meta box instead. If enabled, the Gutenberg block will no longer be available and instead the author of the post or page will be able to select Audiences (or to make a page a private one) in the sidebar of the post or page.
Users are dynamically assigned to Audiences based on a set of rules that can be managed on the plugin's User registration configuration page. A rule consists of an easy-to-understand title, e.g. All Employees or Partners, and a list of Azure AD group (object) IDs.
The default WordPress Users overview page will be enhanced and an additional column is added that will list the Audiences currently dynamically assigned to a specific user.
Please note: A user's assignment to one or more audiences is re-evaluated each time a user signs in and / or each time the user is updated through WPO365's user synchronization processor.
Before you start
- You must already have configured the single sign-on capability of the WordPress + Office 365 plugin and users must be able to Sign in with Microsoft.
- You have purchased, installed and activated the WPO365 | ROLES + ACCESS extension or one of the two bundles WPO365 | SYNC or WPO365 | INTRANET (see https://www.wpo365.com/wordpress-plugins/ for details and pricing) to unlock the Audiences feature.
- You are an Administrator for your WordPress website.
- You have at least read access to your Azure AD's list of Users and / or Groups to be able to see the Azure AD group (object) IDs.
Perform the following steps to enable Audiences.
- Navigate to the plugin's User registration page WP Admin > WPO365 > User registration.
- Scroll to the Audiences section and check the option to Enable audiences.
Add / Edit a new Audience
Perform the following steps to add a new Audience.
- After you have enabled Audiences, the list with configured Audiences will be visible. If no Audiences are defined, the list is empty and only a "+" button will appear.
- Click the "+" button to add a new Audience.
- Enter a name for your Audience e.g. Employees.
- The ID for your new Audience is just for information and does not need to be remembered.
- Now you can add one or more Azure AD group ID(s) to this Audience.
- To delete an Azure AD group, simply click the Recycle bin icon.
- To delete an Audience, you can click the Recycle bin at the end of the Audience's name field.
Use an Audience to restrict access to a WordPress post or page
Perform the following steps to use an Audience to restrict access to a WordPress post or page.
- Create a new post or page or edit an existing one.
- Click "+" to add a new Gutenberg block to the post or page.
- Search for Audiences and click to add the Audiences | PREMIUM block to the page.
- Search for an Audience by typing part of its name and then select it.
Perform the following steps to test the Audiences feature.
- Use your main browser window to sign into your WordPress website as administrator.
- Using the steps provided above create a new Audience and add at least one Azure AD group ID of which your test user is a member.
- Also create a new post or page and use the new Audience to restrict access.
- In a new guest or incognito browser session sign into your website with Microsoft as your test user.
- In your main browser window - as administrator - navigate to WP Admin > Users and ensure that the user has been dynamically assigned to the new Audience.
- Switch back to the guest or incognito browser and try to search for the new post or page and confirm that the page is visible in the search results.
- Then click the post or page to load it and confirm that this is possible.
- Now close the guest or incognito browser.
- In a new guest or incognito browser session sign into your website with Microsoft as a different user who is not a member of the new Audience.
- In your main browser window - as administrator - navigate to WP Admin > Users and ensure that the user has not been dynamically assigned to the new Audience.
- Switch back to the guest or incognito browser and try to search for the new post or page and confirm that the page does not appear in the search results.
- Try to load the post or page directly using a link and confirm that you receive a 404 Not Found error.
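The two non-member checks at the end of the test procedure, scripted as an added example (not WPO365 code). It goes beyond the guide by also requesting WordPress core's REST routes and main feed. The host, path, post ID, marker string and cookie are placeholders, and `fake_site` returns constructed responses, with `leaky=True` simulating a failure only so the check has something to report.

```python
import urllib.error
import urllib.parse
import urllib.request


def http_get(url, cookie):
    """GET url with the non-member's session cookie; return (status, body)."""
    req = urllib.request.Request(url, headers={"Cookie": cookie})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def check_restricted(base, path, post_id, marker, cookie, fetch=http_get):
    """Return findings for a non-member session; an empty list means no exposure."""
    findings = []
    # Guide step: loading the post by direct link must give 404 Not Found.
    status, body = fetch(base + path, cookie)
    if status != 404 or marker in body:
        findings.append(f"permalink: status {status}, marker seen: {marker in body}")
    # Guide step: the post must not appear in the site's search results.
    _, body = fetch(base + "/?s=" + urllib.parse.quote(marker), cookie)
    if path in body:
        findings.append("search results link to the restricted post")
    # Beyond the guide: WordPress core's REST routes and main feed.
    rest = f"/wp-json/wp/v2/%s/{post_id}"
    for extra in (rest % "posts", rest % "pages", "/feed/"):
        _, body = fetch(base + extra, cookie)
        if marker in body:
            findings.append(f"{extra} returned restricted text")
    return findings


# Constructed responses (not from a real site); leaky=True simulates a failure.
def fake_site(leaky):
    def fetch(url, cookie):
        if leaky and "/wp-json/wp/v2/posts/" in url:
            return 200, '{"content": {"rendered": "<p>canary-7f3a</p>"}}'
        if url.endswith("/feed/") or "/?s=" in url:
            return 200, "<html>nothing found</html>"
        return 404, "<html>Not Found</html>"
    return fetch


if __name__ == "__main__":
    args = ("https://intranet.example", "/hr-handbook/", 42, "canary-7f3a", "name=value")
    for leaky in (False, True):
        print(leaky, check_restricted(*args, fetch=fake_site(leaky)))
```

Use a unique string from the post body as the marker, because a 404 or search page can echo the slug or the query. Against a real site, omit `fetch` and pass the session cookie of the signed-in non-member test user.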